REMARKS/ARGUMENTS 
Claims 1-18 remain pending in this application. For at least the reasons stated below, 
Applicant asserts that all claims are now in condition for allowance. 



OBJECTION TO SPECIFICATION 

Applicant thanks the Examiner for holding the objection to the specification in abeyance. 

CLAIM REJECTIONS UNDER 35 U.S.C. S 102 

Claims 1-18 are rejected under 35 U.S.C. § 102(e) as being anticipated by Chang etaL, U.S. 

patent No. 6,157,953. Applicant respectfully opposes these rejections. Applicant asserts that not 

every element of every claim is taught by the reference. MPEP § 2131 provides: 

"A claim is anticipated only if each and every element as set forth in 
the claim is found, either expressly or inherently described, in a 
single prior art reference." Verdegaal Bros, v. Union Oil Co. of 
California, 814 F.2d 628, 631, 2 USPQ2d 1051, 1053 (Fed. Cir. 
1987). "The identical invention must be shown in as complete detail 
as is contained in the ... claim." Richardson v. Suzuki Motor Co., 868 
F.2d 1226, 1236, 9 USPQ2d 1913, 1920 (Fed. Cir. 1989). The 
elements must be arranged as required by the claim. 

The present invention generally provides for a method for maintaining a security profile 
throughout nested service invocations on a distributed, component-based system, including the 
following elements: 

(a) providing interconnections between distributed components each having nested 
service invocations; 

(b) identifying a user; 

(c) associating the user with roles; 

(d) creating a user context instance upon successful identification of the user, wherein 
the user context instance includes information about the user including the roles; 

(e) receiving a request from the user to invoke a first service on a first component, 
wherein the first component invokes a second service of a second component, and 
wherein completion of the second service is necessary to complete the first service; 

(f) querying the user context for the information about the user; 

(g) comparing the user information with an access control list for verifying that the user 
has access to the first component; and 

(h) comparing the user information with an access control list for verifying that the user 
has access to the second service of the second component 

Because not every element of every claim is taught by the reference, the Examiner's § 102 

rejections are unsupported by the art and should be withdrawn. 

Completion of the Second Service is Necessary to Complete the First Service Where the First 
Component Invokes the Second Component 

In the present claimed invention, a first service is invoked on a first component, and a second 

service is invoked on a second component. Element (e) of independent claims 1, 7, and 13 requires 

completion of the second service in order to complete the first service " wherein the first component 

invokes a second component " (emphasis added). As Applicants previously noted in the May 21, 
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2002, Amendment, "there is a specific relationship between the first service... and the second 
services" and the components on which these services are invoked. Examiner's attention is drawn to 
at least two aspects of that relationship as claimed in the present invention: (1) completion of the 
second service is necessary to complete the first service, and (2) the first component, on which the 
first service is invoked, invokes the second service on the second component. In the Office Action 
dated August 8, 2002, Examiner only addressed the first aspect of this relationship, but not the latter. 

Chang describes a "method and apparatus of securing access to a service manager for the 
administration of services residing on multiple service host computers..." (abstract), and is geared 
towards "automating the process of registering new applications and services at a central 
management location, such as a Web server, thereby reducing the amount of information the system 
administrator must remember and making a service available to end-users sooner" (col. 5, In. 39-44). 

However, Chang fails to describe the relationship between a first service/component and a 

second service/component as claimed in the present invention. In the Office Action dated August 8, 

2002, Examiner asserts: 

Chang teaches that when the user selects an instance of a service 
(first component), the user needs to enter information such as name 
and password to access the system, then the system compares the user 
credentials or profile against the user's authentication and access 
control data in the database (second component); the verification 
(second service) has to be performed before a connection (first 
service) is made (col. 7, lines 21-34; col. 13, lines 21-34). 

Yet, Chang does not teach a single service/component (i.e. the "first service" invoked on the "first 

component") that both (1) depends on a second service for completion, and (2) invokes the second 

service on the second component. 

Rather, Chang teaches selecting a service (218) (first component) from a service host 

(204/206) (col. 13, In. 21-23; col. 6, In. 1; Fig. 2). Further, Chang teaches that the verification 

(second service) performed on the database (212) (second component) is invoked by the console host 

(208) via servlet CGI (228) and authentication layer (230) (col. 7, In. 21-34; Fig. 2). In other words, 

Chang describes not that the first component (service, 218) invokes the second component (database, 

212), but rather that a third component (console host, 208) invokes the second component (database, 

212). To clarify the above-described flow, the following diagram is provided: 

Claimed Invention: 

• user request -> invokes first service on first component 

• first component s invokes second service on second component 

Chang: 

• user request -> invokes first service (connecting to service, 2 1 8) on first component (service, 2 1 8) 

• third component (console host, 208)-> invokes second service (verification) on second component (DB, 212) 

As illustrated above, Chang does not teach the first component invoking the second component, but 
rather some third component (i.e. the console host, 208), which was not requested by the user as 
claimed in the present invention, invoking the second component. 
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For at least the forgoing reasons, Chang does not set forth each and every element of the 
claims of the present invention. Specifically, nowhere does Chang describe (1) completion of a 
second service that is necessary to complete the first service, and (2) a first component, on which the 
first service is invoked, that invokes the second service on the second component. Further, Chang 
unequivocally does not described the "identical invention" "in as complete detail as is contained in 
the ... claim[s]" of the present invention as required by the Federal Circuit in Richardson. 

Chang Does Not Describe Every Element Set Forth in Claims 1-18 

As noted above, a claim is only anticipated if every element as set forth in the claim is found 
in a single prior art reference; the identical invention must be shown in as complete detail as is 
contained in the claim. For at least the reasons stated above, Chang clearly does not show the 
"identical invention" and "every element" of independent claims 1, 7, and 13. Accordingly, 
Applicant respectfully requests that the Examiner's §102 rejections as to claims 1, 7, and 13 be 
withdrawn. 

Further, because dependent claims 2-6, 8-12, and 14-18 depend from independent claims 1, 
7, and 13 respectively, Chang also fails to show every element of the dependent claims. 
Accordingly, Applicant respectfully requests that the Examiner's §102 rejections as to claims 2-6, 8- 
12, and 14-18 also be withdrawn. 

Additional Arguments as to Claims 5, 77, and 17 

Dependent claims 5, 1 1, and 17 provide for the first service associating objects with the user 
context, wherein the object was created, updated, or deleted as a result of the invocation of the first 
service, (specification, p. 630, In. 9-16; Fig. 154). Chang describes using objects for storage (col. 
15, In. 25-28) and receipt of data objects by a CPU (col. 16, In. 2-6). However, Chang makes no 
other mention of objects, let alone association of objects with a user context. Nowhere does Chang 
describe that the "first service invoked associates any objects created, updated, or deleted as a result 
of the invocation of the first service with the user context instance" as set forth in claims 5, 1 1, and 
17. 

For these additional reasons, Chang further fails to show every element of dependent claims 
5, 11, and 17. 
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CONCLUSION 

For at least the above-indicated reasons, Applicant submits that all pending claims are now 
allowable and respectfully requests that a Notice of Allowance be issued in this case. If the 
Examiner believes that a conference would be of value in expediting the prosecution of this 
application, the undersigned can be reached at the telephone number listed below. 

Should any additional fees be necessary, the Commissioner is hereby authorized to charge or 
credit any such fees or overpayment to Deposit Account No. 50-1901 (Reference #60021-326501). 

Respectfully submitted, 




Steven C. Lieske, Keg. No. 47,749 
Customer No. 29838 

Oppenheimer Wolff & Donnelly LLP 

1400 Page Mill Road 
Palo Alto, CA 94304-1124 
Telephone: 612.607.7508 
Facsimile: 612.607.7100 
E-mail: SLieske@oppenheimer.com 
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